Lucene search
K

4 matches found

Patchstack
Patchstack
added 2023/06/05 12:0 a.m.15 views

WordPress Contact Form Builder by vcita Plugin <= 4.10.2 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form Builder by vcita Type Plugin Vulnerable versions = 4.10.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2300 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 3b4b71b799e4 Credits Jonas...

6.4CVSS5.6AI score0.0051EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2023/06/03 5:15 a.m.28 views

CVE-2023-2300

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editposts...

6.4CVSS5.7AI score0.0051EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/06/03 4:35 a.m.44 views

CVE-2023-2300 Contact Form Builder by vcita <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the editposts...

6.4CVSS5.8AI score0.0051EPSS
Exploits1References4
CVE
CVE
added 2023/06/03 4:35 a.m.54 views

CVE-2023-2300

CVE-2023-2300 refers to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin Contact Form Builder by vcita (≤ 4.9.1). The issue arises from insufficient input sanitization and output escaping of the email parameter, allowing an authenticated attacker with edit_posts capabilit...

6.4CVSS5.2AI score0.0051EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder